The Security Skills Shortage Is Worse Than You Think

I’ve written a lot about the security skills shortage but it is worth reviewing a bit of data here for context. According to ESG Research, 55% of enterprise organizations (i.e., those with more than 1,000 employees) plan to hire additional security professionals in 2012 but they are extremely hard to find. In fact, 83% of enterprises claim that it is “extremely difficult” or “somewhat difficult” to recruit and/or hire security professionals in the current market.

Given this data, it is fair to assume that many IT security organizations are short staffed and pushing the security team to its limits. As if this wasn’t bad enough, ESG data also points to 3 trends that exacerbate the security skills shortage, further impacting the effectiveness of the precious few security personnel in place:

  1. Critical skills deficits. Along with the shortage of staff, many organizations report that their security staff lacks skills in critical areas such as network security, cloud computing/server virtualization security, mobile device security, and security analysis/forensics.
  2. Security staff time management. Large organizations indicate that one of their biggest problems is that their security professionals spend an inordinate amount of their time putting out fires. This limits the time for other more proactive security activities.
  3. Security tools complexity and lack of automation. Security vendors built tools rich in feature/functionality and designed for customization. Unfortunately, many large organizations don’t have the time or staff necessary to fine-tune them or develop expertise in their use.

Information Security: A Sobering Topic at VMworld

The technology industry is about to come together next week for VMworld in San Francisco. In the span of a few short years, this show has become a real showcase of the latest and greatest IT technology and industry vision. At VMware, every company wants its IT department to look like Amazon, Google, or Zynga, running applications on fully-automated and orchestrated cloud computing platforms, and easily managing thousands of servers and petabytes of data across multiple data centers.


Security Services Continue to Grow -- In the Enterprise

In my last blog, I presented some data about the extremely critical but often ignored security skills shortage. While 55% of enterprise organizations (i.e., more than 1,000 employees) plan to add information security headcount this year, 83% say it is "extremely difficult" or "somewhat difficult" to recruit and hire these folks.


More On The Security Skills Shortage Issue

I frequently peruse information security news, and recently came across this article. The article highlights Symantec CEO Enrique Salem's warning of a shortage of talented cybersecurity professionals in the United States. Furthermore, this shortage is especially pronounced where it may be needed most -- law enforcement, intelligence agencies, and the Department of Defense.


RSA Conference 2012 Observations Part II

I missed the keynotes at RSA as I was buried with wall-to-wall meetings from the time I arrived on Monday through Thursday evening. Nevertheless, I had a chance to speak with a lot of security industry insiders and IT security professionals during my time at RSA. Building on my previous blog, here are a few additional take-aways:


Information Security Budgets Will Increase in 2012

As part of our annual IT Spending Intentions survey, ESG asks IT professionals about overall spending trends for the coming year. Our 2012 IT Spending Intentions survey is set to be published soon, and I got a peek at the data recently. Like other analyst firms, ESG found that IT budgets will increase in 2012, albeit at a modest rate.


Information Security Skills Shortage Continues

Like other analyst firms, ESG conducts research on IT Spending Intentions annually. The latest 2012 report will be published soon, but in the meantime, I've taken a look at the data that will be included. One of the things we track is IT hiring plans in all areas including IT security.
